Ò׽ؽØͼÈí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

hacking oracle±Ê¼Ç

###author:hiphop###
###qq:70381908###
ΪʲôҪ¹Ø×¢ Oracle ?
ÒòΪOracle ±»´óÁ¿ÆóÒµËùʹÓÃ,ÓÐÐí¶àÄ¿±ê¿ÉÒÔÑ¡ÔñÀ´Éø͸
Ðí¶àÆóÒµ¶¼Ã»ÓиüÐÂÇÒÓÐDZÔڵķ½ÏÕ!
ÌáȨ·Ç³£¼òµ¥,ÈÝÒ×Äõ½shell!!
¶ÁÁËblackhat paper ÈÃÎÒ¿ªÊ¼À´Ñо¿Oracle
ÒòΪËûÖ»½²µ½Ò»Ð¡²¿·Ý ÕæÕý°²È«ÎÊÌ⻹ÓкܹãµÄ
Ö»ÊǹúÄÚºÃÏñºÜÉÙÍÚ¾ò
ÒòΪÓöµ½µÄ»·¾³²»¶à
µ«ÊÇ°¢ Oracle ÊÇ free download ºÇºÇ
¸¶·Ñ²Å¿ÉÒÔupgrade
Ò»°ãÁ¬½Ó Oracle ÐèÒªÒÔϼ¸¸öÌõ¼þ£º
IP
PORT
SID
username/password
The Oracle listener default port is 1521
generally in the 1521-1540 range
ɨÃè´Ì̽²»»á¸úÄã˵ÓÃʲô°æ±¾µ«Ð°æµÄnmap ¿ÉÒÔÈ¡µÃµ½Ò»Ð©,ʹÓÃTNS packet¿ÉÒÔ½â¾öÕâ¸öÎÊÌâ
TNS packet ¿ÉÒÔÁ˽â oracle °æ±¾
SID ´Ì̽·½Ê½:
1.TNS listener directly
2.brute force for default sid
3.query other component ¿ÉÄÜ°üº¬ÓÐSID
u/p Æƽâ
ÌáȨ·½·¨:
Ìá權 1 java function
Win32Exec
Ìá權2 smbrelay
Run OS commands via sql injection in web applications
Run OS commands via create table
Run OS commands via dbms scheduler
Run OS commands via PL/SQL and Extproc
Run OS commands via Java
Run OS commands via Oracle Text
Run OS commands via PL/SQL Native (9i)
Run OS commands via PL/SQL Native (10g / 11g)
Run OS commands via alter system set events
»¹»á½ÐøÔö¼Ó£¡£¡
´ËÎÄÖ»ÊÇÎÒµÄresearch µÄС±Ê¼Ç
ÁíÍâ½éÉÜÒ»¿î¹¤¾ß ¿ÉÒÔ×öµ½²¿·Ýà¡ pyдµÄ
download£º http://inguma.sourceforge.net/
demo£ºhttp://inguma.sourceforge.net/text/inguma_text.html
×¢:
Oracle default port list
Oracle HTTP Server listen port / Oracle HTTP Server port
80
Oracle Application Server
Edit httpd.conf and restart OHS
Oracle Internet Directory(non-SSL)
389
Oracle Application Server
 
Oracle HTTP Server SSL port
443
Oracle Application Server
Edit httpd.conf and restart OHS
Oracle Internet Directory(SSL)
636
Oracle Application Server
 
Oracle Net Listener / Enterprise Manager Repository port
1521
Oracle Application Server / Oracle Database
Edit listener.ora and restart listener
Oracle Net Listener
1526
Oracle Database
Edit listener.ora and restart listen


Ïà¹ØÎĵµ£º

¡¾×ª¡¿ OracleÖзÖÎö±íµÄ×÷ÓÃ

OracleÖзÖÎö±íµÄ×÷ÓÃ
http://diegoball.javaeye.com/blog/568009
ÎÄÕ·ÖÀà:Êý¾Ý¿â
1.·ÖÎö¸üбíµÄͳ¼ÆÐÅÏ¢,,ÓпÉÄܵ¼ÖÂÖ´Ðмƻ®¸Ä±ä..
2.ÒÔµÄanalyze table abc compute statistics;ÕâÌõΪÀý£¬Éú³ÉµÄͳ¼ÆÐÅÏ¢»á´æÔÚÓÚuser_tablesÕâ¸öÊÓͼ£¬²é¿´Ò»ÏÂselect * from user_tables where table_name='ABC';
¹Û²ìÒ»ÏÂNUM_RO ......

Oracle Database µÄѧϰ±Ê¼Ç

SQL:½á¹¹»¯²éѯÓïÑÔ
C R U D: Ôöɾ¸Ä²é
table :  name  age  score
desc+±íÃû    ---> ²éѯ±í½á¹¹
»òÕßÓà describe ÃüÁî (descÊÇdescribeµÄ¼òд)
²éѯÓïÑÔ£ºSELECT [DISTINCT] {*,column[alias],...} from table;
  SELECT identifies what columns from identifies which tab ......

OracleȨÏÞ¼¯ºÏ

¡¡¡¡alter any cluster ÐÞ¸ÄÈÎÒâ´ØµÄȨÏÞ
¡¡¡¡alter any index ÐÞ¸ÄÈÎÒâË÷ÒýµÄȨÏÞ
¡¡¡¡alter any role ÐÞ¸ÄÈÎÒâ½ÇÉ«µÄȨÏÞ
¡¡¡¡alter any sequence ÐÞ¸ÄÈÎÒâÐòÁеÄȨÏÞ
¡¡¡¡alter any snapshot ÐÞ¸ÄÈÎÒâ¿ìÕÕµÄȨÏÞ
¡¡¡¡alter any table ÐÞ¸ÄÈÎÒâ±íµÄȨÏÞ
¡¡¡¡alter any trigger ÐÞ¸ÄÈÎÒâ´¥·¢Æ÷µÄȨÏÞ
¡¡¡¡alter clu ......

oracleµÄ·ÖÇø±í¡¢·ÖÇøË÷ÒýºÍÈ«¾ÖË÷Òý²¿·Ö×ܽá


·ÖÇø±í¡¢·ÖÇøË÷ÒýºÍÈ«¾ÖË÷Òý£º
ÔÚÒ»¸ö±íµÄÊý¾Ý³¬¹ý¹ý2000ÍòÌõ»òÕ¼ÓÃ2G¿Õ¼äʱ£¬½¨Ò齨Á¢·ÖÇø±í¡£
create table ta(c1 int,c2 varchar2(16),c3 varchar2(64),c4 int constraint pk_ta primary key (c1)) partition by range(c1)(partition p1 values less than (10000000),partition p2 values less than (20000000),part ......

oracleÖÐ ÕýÔÚÁ¬½Ó...ORA 12541: TNS: ûÓмàÌý³ÌÐò

¶ÔÓÚ×°ºÃÁ˸ÃÈí¼þºó,ÀûÓÃsystemÊÇÄܵǽøÈ¥µÄ,»ú×ÓÖØÆôºó,³öÏֵĸÃÎÊÌ⣺
    ¿ÉÄÜÄú ÔËÐÐ--sqlplusw  ÊÇÄܵÇÉÏÈ¥µÄ  ¶ø»»³ÉPL/SQL Developer È´Á¬²»ÉÏ ·þÎñÆ÷,Èç¹ûÄúÈ·¶¨ÄãµÄ·þÎñ¿ªÆôÁË
    ËÑË÷ÕÒµ½tnsnames.oraºÍlistener.oraÎļþ, °ÑÆäÖеÄHOST=ºóµÄÖ÷»úÃû»òip¸ÄΪµ±Ç°µ ......
© 2009 ej38.com All Rights Reserved. ¹ØÓÚE½¡ÍøÁªÏµÎÒÃÇ | Õ¾µãµØͼ | ¸ÓICP±¸09004571ºÅ